Chinese “Crackers” Attack Pentagon

In June, Chinese military crackers, people who try to gain unauthorized access to computer networks as opposed to hackers who are simply computer enthusiasts, successfully gained access to a Pentagon computer network. Those crackers are members of the People’s Liberation Army’s (PLA) computer network operations (CNO), the cutting edge of Red China’s maturing information warfare capability.

The US must consider the risks associated with Internet security before it’s too late. “I think it’s going to take an Internet 9/11, and we’ve had some pretty serious problems on the Internet” before the country becomes zealous about cyber warfare, said Gen. Ronald Keys, commander of Air Combat Command in February. The time to get serious about cyber attacks has arrived.

On September 4, the Financial Times reported that in June the Chinese military cracked into a Pentagon computer network serving the office of Robert Gates, the defense secretary. This is reported to be the most successful cyber attack ever on the US defense department. China’s spokeswoman Jiang Yu called the allegation “groundless” but cyber attacks against the US Government are becoming an all too common occurrence and China’s PLA is doing the same to our allies.

Last month, Germany’s Der Spiegel magazine reported that the Chinese military “cracked into the computers of Angela Merkel’s chancellery and three other German ministries” in an extraordinary espionage operation. The Chinese government denied the report calling the allegation “irresponsible speculation without a shred of evidence.”

According to Der Spiegel espionage programs traced to China’s PLA had been “detected in computer systems in Merkel’s office.” Merkel told China’s Premier Wen Jiabao that she had seen the reports about the espionage operation and warned him “we must together respect a set of game rules.”

The Financial Times quoted a US official who said the Pentagon knows the origin of the June attack. Another official familiar with the attack said there was a “very high level of confidence” that China’s PLA was responsible.

In July, the Pentagon published a report, Military Power of the People’s Republic of China, that states the PLA is investing in CNO. The PLA uses CNO concepts that include computer network attack, computer network defense, and computer network exploitation in order to prepare for “electromagnetic dominance” in a future conflict. This is what Chinese military theorists call “Integrated Network Electronic Warfare” which is meant to disrupt battlefield network information systems like the US E-3 Sentry which is an airborne warning and control system (AWACS).

China “has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics,” states the Pentagon report. In 2005, the PLA started incorporating offensive CNO into its exercises to prepare its forces to launch pre-emptive attacks against enemy computer networks that are critical to sophisticated militaries like the US.

Unfortunately, the Pentagon isn’t the only US military facility in China’s crosshairs. Chinese attacks on DOD systems are far more widespread than is publicly known, said Alan Paller, director of research at the Sans Institute, an information security and certification firm. “The problem is thousands of times bigger than what you hear,” he said.

On November 15, 2006, the Naval War College’s network was attacked by Chinese crackers forcing it to disconnect from the Internet for several weeks.

Navy forensic analysts found the crackers may have been seeking information on the naval college’s war games. The institution was especially vulnerable because “it did not have the latest security protections,” said Lt. Cmdr. Doug Gabos, a spokesman for the Navy Cyber Defense Operations Command in Norfolk, VA.

In 2005, the Defense Department acknowledged other security failures when it confirmed the existence of a program called Titan Rain. That program traced attackers against American computer systems at NASA and Sandia National Laboratories to Chinese crackers in the Guangdong province.

Apparently, these attacks are part of an ongoing campaign by Chinese crackers to penetrate US Government computers. They crack into networks using a form of “phishing,” attempting to fraudulently acquire sensitive information using e-mail messages from the host network. They use other methods such as computer viruses and worms as well, says Paller.

“The Internet was not designed for security, and there are 243 countries connected to the Internet,” says Jody Westby, CEO of Global Cyber Risk. Cracking exposes the flaws in the Internet which is hard to secure much less track violators.

Last fall, in response to the growing cyber threat, the Air Force announced plans to create a cyber command to bring full-scale military operations to cyberspace. The command will apply the laws of armed conflict, which include having rules of engagement and delivering proportional responses to attacks, said Lt. Gen. Robert Elder, commander of the 8th Air Force, the new cyber unit’s command.

China may pose only a potential military threat, but the cyber war is on, said Larry Wortzel, chairman of the US-China Economic and Security Commission. However, identifying the Chinese cracking sources may be difficult because there are so many PLA CNO units and China employs 39,000 full-time Internet police who could easily double for crackers.

The PLA understands that computer networks are vital to modern warfare which explains why it is pouring billions of dollars into equipping its forces for possible attack against the US’ technological edge. “The mechanism to get the upper hand of the enemy in war under conditions of informatization,” said a November 2006 Liberation Army Daily commentator, is “whether or not we are capable of applying effective means to weaken the enemy side’s information superiority and lower the operational efficiency of enemy information equipment.”